Hi, I am Rafay Baloch, a security researcher, author and a public speaker.

Publications

Rafay Baloch is the author of numerous publications in the field of Cyber Security. The following is a list of his publications:

Poking A Hole In Whitelist For Bypassing Firewall

Domain Fronting is a widely popular technique that has been used for evading firewalls, DPI devices and censors. Domain Fronting takes advantage of legitimate, high-reputation cloud providers, more specifically Content Delivery Networks (CDNs), for evasion. This technique has been commonly used in the wild to circumvent censorship, or by malware to establish a Command and Control (C2) channel in restricted network environments.

In this paper, we look at various forms of Domain Fronting along with a few other techniques that can be utilized for circumventing firewalls, Deep Packet Inspection devices and captive portals. We will dissect a well-known internet censorship bypass tool, PSIPHON, and demonstrate how it utilizes Domain Fronting for bypassing captive portals.

Bypassing Browser Security Policies For Fun And Profit

Mobile browsers, in comparison to desktop browsers, are relatively new and have not undergone the same level of scrutiny. Browser vendors have introduced and implemented tons of protection mechanisms against memory corruption exploits, which makes it very difficult to write a reliable exploit that would work under all circumstances. This leaves us with the "other" category of client-side attacks. In this presentation, we will present our research on bypassing core security policies implemented inside browsers, such as the "Same Origin Policy," the "Content Security Policy," etc.

We will present several bypasses that were found in various mobile browsers during our research. In addition, we will also uncover other interesting security flaws found during our research, such as Address Bar Spoofing, Content Spoofing, Cross Origin CSS Attacks, Charset Inheritance, CSP Bypass, Mixed Content Bypass, etc., as found in Android browsers. We will also talk about the testing methodology that we used to uncover several Android zero-days.

Apart from the theory, our presentation will also disclose a dozen of the most interesting examples of the security vulnerabilities and weaknesses highlighted above, which we identified in the most popular Android third-party web browsers, and in Android WebView itself.

We will explain the root cause of each bug and demonstrate its exploitation, show examples of vulnerable code and, where possible, the patches that were issued to address these vulnerabilities. Finally, we will demonstrate a sample test suite which can be used to assess the basic security properties of any mobile web browser.

Modern Day HTML5 Attack And Defence Vectors

It has been more than six years since the advent of HTML5 (dating back to 2008), and as time has passed we have seen more and more websites utilizing HTML5 features, and have witnessed technologies like Flash and Silverlight dying slowly. However, each of the HTML5 features could bring security issues if not used correctly. One of the major security issues with HTML5 is DOM-based XSS, due to the heavy use of JavaScript in HTML5-based applications, which is the prime highlight of this paper.

Ethical Hacking And Penetration Testing Guide

This book introduces the steps required to complete a penetration test, or ethical hack. Requiring no prior hacking experience, the book explains how to utilize and interpret the results of modern-day hacking tools, which are required to complete a penetration test. Coverage includes Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and the Hacker Defender rootkit. Simple explanations of how to use these tools and a four-step methodology for conducting a penetration test provide readers with a better understanding of offensive security.

Bypassing Modern WAF's XSS Filters - Cheat Sheet

Rsnake's XSS cheat sheet was one of the best resources available for bypassing WAFs; however, over time as browsers got updated, lots of the vectors didn't work on the newer browsers. Therefore there was a need to create a new cheat sheet. Over time I have developed my own methodology for bypassing WAFs, and that's what I have written the paper on. The paper talks specifically about bypassing XSS filters; as for SQLi, RCE, etc., I thought to write a different paper, as the techniques differ in many cases.

Breaking The Great Wall of Web

Input validation flaws such as XSS are the most prevalent security threats affecting modern web applications. In order to mitigate these attacks, Web Application Firewalls (WAFs) are used, which inspect HTTP requests for malicious transactions. Nevertheless, they can be easily bypassed due to the complexity of JavaScript in modern browsers. In this paper we discuss several techniques that can be used to circumvent WAFs, using XSS as the example.

This paper will talk about the concepts of WAFs in general, identifying and fingerprinting WAFs, and various methodologies for constructing a bypass. The paper discusses well-known techniques such as brute forcing, regular expression reversing and browser bugs for bypassing WAFs.

© 2023 All Rights Reserved by RHA Info Sec.